The most well-known Brazilian cybercriminals have a new target: 'Minecraft'

A Brazilian cybercriminal group known as LofyGang has resurfaced after more than three years of inactivity to carry out a new campaign targeting Minecraft players. This time, they are using malware called LofyStealer, which is disguised as a hack for the game known as Slinky. The attackers' strategy relies on exploiting the trust of young users in the gaming scene, using the official game icon to induce them to execute the malware.

Mining Minecraft

According to a technical report from the cybersecurity company ZenoX, LofyStealer activates once the user launches the fake hack, triggering a JavaScript loader that downloads the malware and executes it in the memory of the compromised system. Its goal is to steal sensitive data, including passwords, cookies, and international bank account numbers (IBANs), from browsers such as Google Chrome and Firefox.

LofyGang is not a new group; it has been active since late 2021 and had previously been linked to incidents of account theft in video games and streaming services. In 2022, it was observed that they exploited malicious packages on platforms like the npm registry and diverted data from accounts associated with Discord Nitro.

In this new phase, the group has adopted a Malware as a Service (MaaS) model, which allows affiliates to access attack tools through free and paid options. Additionally, it has been found that they use platforms like GitHub and YouTube to advertise their services, leveraging SEO poisoning techniques that allow them to attract unsuspecting users.

This campaign highlights a growing security challenge, where trusted platforms are used to distribute malicious payloads. Experts warn that users should be cautious and verify the legitimacy of any download offered in code repositories, even when they seem trustworthy.

Navigate360 has suffered a hacker attack: more than 93 GB have been stolen

Two bipartisan senators, Maggie Hassan (D-NH) and Jim Banks (R-IN), have expressed their deep concern over a cyberattack that compromised sensitive information of students through the Navigate360 platform, which manages an anonymous reporting line for school safety. In a letter sent on April 24, the lawmakers urged the company to provide clarity on the data that was stolen and how measures are being taken to prevent future incidents.

Everyone Against Hackers!

The attack, which is considered motivated by hacktivism, exposed vulnerabilities in the platform, allowing hackers to steal approximately 93 gigabytes of data. According to Navigate360, more than 30,000 schools and 5,000 public safety agencies use their products, making this incident a critical issue given the high number of affected users. The data breach compromises the safety of students and undermines public trust in the use of platforms designed to report suspicious activities.

Hassan and Banks emphasize that the attack puts at risk not only students but also all school staff, pointing out that 82% of K-12 schools reported having experienced some type of cyber incident between July 2023 and December 2024. The growing wave of cyberattacks in the education sector, intensified during the COVID-19 pandemic, has led to increasing concern about the protection of personal information and trust in reporting tools.

In response to the concerns, the CEO of Navigate360, JP Guilbault, stated that the company was investigating the scope of the incident, although he did not confirm the leak of sensitive information. However, senators are demanding answers about the company’s cybersecurity practices and the actual level of anonymity of its reporting line. The hackers’ statements, which suggest a political and social motivation, highlight the complexity of the context behind this cyberattack.

The GlassWorm attack intensifies with the discovery of 73 new extensions

The supply chain attack known as GlassWorm has recently escalated with the identification of 73 new sleeper extensions in the Open VSX marketplace. This development, which occurred in April 2026, represents a dangerous evolution in the way threat actors distribute malware to software developers. This group of extensions follows a previous wave detected in March 2026, which had already documented 72 malicious extensions associated with the same operation.

The evolution of malicious extensions

The new tactics employed by the attackers aim to evade security scans. Earlier variants of this attack exploited the dependency features of extensions to silently install malicious loaders. The sleeper extensions, by contrast, are fake packages published in an initially harmless state, so that they build trust and accumulate downloads before being activated.

To carry out their operations, attackers create fraudulent accounts on GitHub to publish cloned versions of popular tools. A clear example is a fake extension of the Turkish Language Pack for Visual Studio Code, which closely emulates the legitimate version, even copying its icon and description, only changing the name of the publisher. Once developers install these cloned tools, the attackers wait to launch a software update that delivers the malware. At least six of the 73 new extensions have already been activated, serving as loaders to obtain external malware payloads.

The malicious code is no longer visible in the extension's source code, which gives it more room to evade detection. Security teams must watch for the relevant indicators of compromise, and developers should verify publisher namespaces and carefully review the publishing accounts before installing any extension from the Open VSX marketplace.

Beware! The HandyPay app captures your card information without permission

A new and more dangerous version of the NGate malware has been detected hidden in an NFC payment application known as HandyPay. This malicious software has been active since November 2025 and uses artificial intelligence to write its code, marking a significant shift in the techniques employed by cybercriminals to develop attack tools.

Do not enter your card PIN in unknown applications

The HandyPay application, which is originally legitimate and available on Google Play since 2021, has been trojanized. The attackers have distributed this malicious version outside the official store, using two distinct channels. The first involves a fake lottery website that simulates being the Brazilian lottery organization Rio de Premios, where users are lured with a fraudulent scratch card game. The second channel involves a fake Google Play page aimed at deceiving users into downloading the malware under the name Card Protection.

Once the application is installed, HandyPay asks the user to set it as the default NFC payment app. This seems harmless as it is part of the original functionality of the app. However, when the user enters their card PIN and brings their card close to the phone, the malware captures the card information and sends it to the attacker-controlled device without requiring special permissions, making it difficult to detect.

Researchers from WeLiveSecurity have identified that the malicious code contains signs of generation by artificial intelligence. Users are advised to download payment applications only from official sources and to enable Google Play Protect for added security. Additionally, it is crucial not to enter the card PIN in unknown applications, especially those that seem to offer prizes or card protection.

The Middle East also has problems with cyberattacks. They have increased significantly!

During the first quarter of 2026, a notable increase in attacks targeting network devices was recorded, with 90% of these incidents originating in the Middle East, according to a report by Barracuda. The most affected devices were SonicWall and Fortinet FortiGate, which accounted for more than half of all threat activity recorded between February and March of this year.

More problems in the Middle East!

Anthony Fusco, cybersecurity analyst manager at Barracuda, commented that the attacks were identified based on the geolocation of the IP addresses, most of which came from various locations in the Middle East. Although IP addresses alone are not a reliable indicator, Fusco noted that it is reasonable to assume the involvement of groups linked to states and professional actors, as well as opportunistic groups. Additionally, hackers are aggressively scanning perimeter devices for weak or exposed credentials.

This increase in malicious activity coincides with the rise in tensions in the region, following the bombings by the U.S. and Israel at the end of February. U.S. authorities, including the FBI and the Cybersecurity and Infrastructure Security Agency, warned that hackers linked to Iran have targeted critical infrastructure in the country. Although Barracuda did not establish a clear link between these attacks and the conflict in the region, the timeline suggests a correlation.

Security experts recommend implementing multifactor authentication on firewalls and VPNs, as well as using complex passwords and monitoring failed login attempts. The specific attention to devices like SonicWall and Fortinet is not surprising, as they are considered high-value targets for initial access. In the summer of 2025, SonicWall had already suffered a series of brute force attacks, suggesting a continuity in the risk for these devices.

Google marks a turning point in preventing cybercrime

Google has announced the public rollout of its Device-Bound Session Credentials (DBSC) for Windows users via Chrome 146. This significant advancement in security is designed to combat session hijacking, a common technique used by attackers to compromise user accounts.

With this release, Google marks a shift towards proactive threat prevention, moving away from reactive approaches based on intrusion detection.

Fighting for Cybersecurity!

DBSC binds an authentication session to the user's physical device through hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows devices. Upon login, the hardware generates a public/private key pair whose private key can never be exported from the device. As a result, even if an attacker steals the session cookies, they quickly become useless: the credentials expire after a short period, and the attacker lacks the device's private key needed to renew them.

In addition, the DBSC protocol will soon be implemented on macOS, expanding its reach. This technology allows web developers to integrate advanced security measures without additional complications, as Chrome handles the cryptographic complexities in the background. Despite its strict device linking capabilities, DBSC incorporates rigorous privacy controls, using a completely separate key for each session, which prevents unwanted tracking of users.

Google developed DBSC as an open standard in collaboration with W3C and Microsoft, testing it on platforms like Okta. Looking ahead, it is expected that the capabilities of DBSC will expand to secure federated identity environments and single sign-on (SSO) in enterprises, as well as advanced registration options that link sessions to existing hardware security keys.

New cyberattack reveals vulnerability in AI security analysis

A recent cyber attack has highlighted a structural disconnection between the HTML text and what users actually see in their browsers, allowing attackers to send malicious instructions that go unnoticed by artificial intelligence assistants. This finding was presented by LayerX, a cybersecurity company, which demonstrated its technique using a fake Bioshock fanfiction site. By using a custom font, the attackers were able to hide a malicious message in seemingly harmless content.

Hidden Threats in HTML

The attack revealed that, although AI assistants like ChatGPT and Claude were examining the underlying HTML for threats, they lacked the ability to identify hidden content that appeared safe at first glance. In this case, the malicious text urged users to execute a reverse shell on their machines, while the visible text was a set of unreadable characters.

LayerX has pointed out that this vulnerability requires neither JavaScript nor exploit kits, revealing a flaw in how AI tools assess the security of web pages. While browsers render the page as its styling dictates, AI assistants treat the DOM text as the complete representation of what is shown to the user, leaving a gap that attackers can exploit.

In response to this threat, LayerX recommends that AI providers implement dual rendering analysis and treat custom fonts as potential threat surfaces. Additionally, it is vital that these tools avoid making security judgments without having verified the full context of the page. So far, Microsoft has stood out as the only provider that has fully addressed the issue following LayerX’s responsible disclosure in December 2025.
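Treating custom fonts as a threat surface, as an added example that is not LayerX's tooling: the checker below (assuming a regex-level parse of a static HTML string, leaf elements only, and a constructed benign sample page) flags DOM text that is rendered with a page-supplied @font-face, which is exactly where a dual-rendering check has to look before trusting the text.

```javascript
// Collect font-family names declared by @font-face rules inside <style> blocks.
function customFontFamilies(html) {
  const families = new Set();
  const styleRe = /<style[^>]*>([\s\S]*?)<\/style>/gi;
  for (let s; (s = styleRe.exec(html)) !== null;) {
    const faceRe = /@font-face\s*\{([^}]*)\}/gi;
    for (let f; (f = faceRe.exec(s[1])) !== null;) {
      const fam = /font-family\s*:\s*['"]?([^;'"]+)/i.exec(f[1]);
      if (fam) families.add(fam[1].trim().toLowerCase());
    }
  }
  return families;
}

// Map class names to custom families via simple `.cls { font-family: ... }` rules.
function classesUsingFonts(html, families) {
  const map = new Map();
  const ruleRe = /\.([\w-]+)\s*\{([^}]*)\}/g;
  for (let m; (m = ruleRe.exec(html)) !== null;) {
    const fam = /font-family\s*:\s*([^;]+)/i.exec(m[2]);
    if (!fam) continue;
    for (const name of fam[1].split(",")) {
      const n = name.trim().replace(/^['"]|['"]$/g, "").toLowerCase();
      if (families.has(n)) map.set(m[1], n);
    }
  }
  return map;
}

// Report leaf elements (assumption: no nested tags) whose class or inline style
// selects a custom font; their DOM text cannot be trusted without rendering it.
function findHiddenTextCandidates(html) {
  const families = customFontFamilies(html);
  const classMap = classesUsingFonts(html, families);
  const findings = [];
  const elRe = /<(\w+)([^>]*)>([^<]*)<\/\1>/g;
  for (let m; (m = elRe.exec(html)) !== null;) {
    const [, tag, attrs, text] = m;
    const inline = /font-family\s*:\s*['"]?([^;'"]+)/i.exec(attrs);
    const cls = /class\s*=\s*["']([^"']+)["']/i.exec(attrs);
    let family = inline && families.has(inline[1].trim().toLowerCase()) ? inline[1].trim().toLowerCase() : null;
    if (!family && cls) family = cls[1].split(/\s+/).map((c) => classMap.get(c)).find(Boolean) || null;
    if (family && text.trim()) findings.push({ tag, family, domText: text.trim() });
  }
  return findings;
}

// Constructed sample page with benign text, shaped like the technique described above.
const SAMPLE_HTML = `<html><head><style>
@font-face { font-family: 'GlyphMap'; src: url(data:font/woff2;base64,PLACEHOLDER) format('woff2'); }
.story { font-family: 'GlyphMap', serif; }
</style></head><body>
<h1>Rapture Tales</h1>
<p class="story">Chapter one: the lighthouse in the storm</p>
<p>Plain paragraph in the browser default font.</p>
<span style="font-family: GlyphMap">inline styled run</span>
</body></html>`;
```

Flagged runs are the ones whose rendered glyphs must be compared against the DOM text; an element in the browser default font is reported as-is.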

Don't stay in the past: phishing has become much more sophisticated

Phishing campaigns have become more sophisticated, not only seeking to deceive employees but also exhausting the resources of security operations center (SOC) analysts. Organizations are facing an increase in phishing reports that congest investigation queues, which decreases the quality of analysis and increases the risk of security breaches.

Fishing in the Sea of Crime

According to recent reports, some attackers have designed their campaigns to maximize the effort required for investigation, causing incidents that should be resolved in minutes to take hours, significantly widening the window of opportunity for an attack. This tactic has pushed SOC teams into alert fatigue, in which response capacity drops and decisions are made with less rigor.

Organizations, therefore, must reevaluate their approaches to defending against phishing. It is not only about training employees to identify suspicious emails, but also about optimizing post-report investigation processes. Implementing systems that provide synthesized analysis can enable analysts to make faster and more effective decisions, reducing investigation time from hours to minutes.

Despite current efforts to automate threat detection, many tools do not address the fundamental problem of workload in SOCs. An emerging approach is focused on decision-ready investigation, where the system provides a clear assessment, allowing analysts to review investigations instead of conducting them from scratch. This could radically change the dynamics of investigations against phishing campaigns, contributing to a faster and more robust response to attacks.

Platforms like Conifers.ai are developing solutions to provide these phishing investigations in minutes, instead of hours, effectively combating the attackers’ exhaustion strategies.